如何使 TCP 服务器在路由器 (NAT) 后面工作而无需任何重定向配置
场景如下。我有两台机器A和B: A:客户端(NAT后面) B:服务器(位于 NAT 后面)
我希望 B 能够侦听任何给定端口,以便 A 可以通过该特定 TCP 端口向 B 发送数据包并接收任何响应。如果两台机器都不位于 NAT 后面,则过程非常简单。但是,我如何使其工作,以便即使 B 在路由器后面也能工作,而无需他去更改路由器配置,启用某些端口转发等...
例如,像 torrent 客户端这样的点对点程序如何工作无需用户进行任何配置即可工作?
The scenario is the following. I have two machines A and B:
A: Client (behind NAT)
B: Server (behind NAT)
I want B to be able to listen on any given port, so that A can send packets to B through that specific TCP port and receive any response. If both machines are not behind a NAT it is pretty straight foward process. However how do I make it work so that it works even when B is behind a router, without him having to go change the router configuration enable some port forwarding etc...
For example, how do peer-to-peer programs like torrent clients work without the user having anything to configure?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
回答点对点程序的例子,一般来说:有一种称为通用即插即用 哪些 NAT 路由器可以用来允许其后面的客户端向外部公开端口。这就是 BitTorrent 客户端可以使用的功能,以便其他客户端可以直接连接到它们。
To answer the example of Peer to Peer programs, and in general: There is a technology called Universal Plug and Play which NAT routers can use to allow clients behind them to expose ports to the outside. That's what bittorrent clients can use so the other clients can directly connect to them.
代理服务器的替代方案是匹配服务器。匹配器不会代理所有流量,而是仅进行协商,直到对等点可以相互通信。这涉及查找对等点的外部公共 IP 并与每个对等点进行通信,以便防火墙/路由器知道对等点希望进行通信。
这称为打洞,通常必须由匹配者而不是同行完成他们自己。一旦打通了洞,媒人就可以告诉同伴彼此的情况,他们就可以直接交流。
An alternative to a proxy server is a match-making server. Instead of proxying all of the traffic, the match maker just negotiates until the peers can talk to each other. This involves finding the external public IPs of the peers and talking to each one so that the firewall/router knows that the peers wish to communicate.
This is called hole punching and it often has to be done by the match maker rather than the peers themselves. Once the hole are punched though, the match maker can tell the peers about each other and they can communicate directly.
您必须:
从 nat 设置端口转发
服务器前面的网关进入您的服务器软件正在运行的机器,并且有客户端
连接到该设备的 IP 地址
网关。
创建代理服务器
在 2 个 nat 网关之间,所以两个
你的服务器和客户端可以连接
对此。您的服务器和客户端
必须建立一个连接
将调解数据的代理
在这 2 个连接之间。
You will have to either:
Set up port forwarding from the nat
gateway in front the server into the machine your server software is running, and have the client
connect to the IP address of that
gateway.
Create a proxy server sitting
inbetween the 2 nat gatewys so both
your server and client can connect
to that. Both your server and client
have to set up a connection to that
proxy which will mediate the data
between those 2 connections.
打洞对于 UDP 通信来说已经被很好地理解了,但它也可以可靠地用于建立点对点 TCP 流。这是关于 TCP 和 UDP 的详细文章:
http://www.brynosaurus.com/ pub/net/p2pnat/
Hole punching is moderately well-understood for UDP communication, but it can be reliably used to set up peer-to-peer TCP streams as well. Here is the well detailed article on both TCP and UDP:
http://www.brynosaurus.com/pub/net/p2pnat/